India’s securities market regulator, the Securities and Exchange Board of India (“SEBI”), was established in 1988. Protecting the interests of investors is a core tenet enshrined in SEBI’s preamble. More recently, and in support of that core tenet, SEBI has become an example of successful alternative dispute resolution at work and, critically, of the importance of choice in dispute resolution.

A. SEBI’s historic mechanism for dispute resolution

SEBI has long recognized the need for an efficient resolution mechanism for the numerous investor grievances that arise, and the organization has evolved and adapted to changing trends in dispute resolution over the years.

From 2010 to 2012, SEBI launched the following initiatives:

1. Market Infrastructure Institution (“MII”)–administered arbitrations, which facilitated arbitration proceedings under the guidance of MIIs like stock exchanges and depositories;^[1]
2. SEBI Complaints Redress System (“SCORES”), a centralized web-based investor complaint redressal system;^[2] and
3. Investor Grievances Redressal Committee (“IGRC”), which facilitated conciliation and mediation for investor-intermediary disputes.^[3]

The MII-administered dispute resolution process covered only a few intermediaries—stockbrokers, commodity brokers, depository participants, listed companies, and share transfer agents.

B. SEBI’s current mechanism for dispute resolution

In recent years, the pandemic and the larger digitization trend in the dispute resolution arena have increased demand for fast, convenient, and cost-efficient Online Dispute Resolution (“ODR”) platforms. Recognizing this trend, in July 2023, SEBI created a comprehensive ODR mechanism—including mediation, conciliation, and arbitration—intended for all intermediaries to use in the securities market.^[4]

On July 31, 2023, SEBI published the specifics of its new ODR mechanism (the “ODR Circular”).^[5] This publication heralded a new era of streamlined dispute resolution under SEBI’s purview. Investors now have access to two distinct avenues for dispute resolution:

1. the legacy SCORES Platform; and
2. the newer ODR Portal.

Each avenue offers expedited pathways to investors seeking redressal for their grievances.

To use SEBI’s dispute resolution mechanism, an investor may initiate a complaint with listed companies, specified intermediaries, regulated entities, or other securities market participants. If the market participant does not redress the grievance satisfactorily, the investor has two choices:

1. SCORES: The investor may escalate the complaint through the legacy SCORES Platform; or
2. ODR Portal: The investor may initiate dispute resolution through the ODR Portal. Under this method, once the investor’s complaint is filed, the ODR Portal will robotically allocate (through a round-robin system) one of the impaneled ODR institutions to administer the dispute. SEBI has published detailed instructions regarding timelines, procedure, and fees for resolving disputes through the ODR Portal.

C. Amendment to ODR Circular introducing choice of multiple dispute resolution mechanisms

Just a few months after publishing the ODR Circular, SEBI amended it on December 20, 2023 (the “Amendment Circular”).^[6] The amendment provides investors and regulated entities with the option to elect one of the following dispute resolution mechanisms by contract:^[7]

Timeline for exercising the choice: For all new contractual arrangements, parties must choose their dispute resolution mechanism at the time of entering the contract. For existing contractual arrangements, investors and regulators are required to exercise this choice within a period of six months from the date of the Amendment Circular.^[8] If a party fails to make this selection, the party is presumed to have chosen the ODR Circular mechanism.

Matters outside purview of ODR Portal: SEBI has in the Amendment Circular also made an important clarification that all matters that are appealable before the Securities Appellate Tribunal in terms of Section 15T of SEBI Act, 1992 (other than matters escalated through the SCORES portal in accordance with the SEBI SCORES circular); Sections 22A and 23L of Securities Contracts (Regulation) Act, 1956; and Section 23A of Depositories Act, 1996 shall be outside the purview of the ODR Portal.

D. A careful choice requiring deliberation

The decision between independent arbitration institutions and the ODR Circular mechanism warrants careful consideration—and the decision must be made by contract, not once the dispute arises. Both choices offer compelling benefits.

On one hand, the route of the ODR Portal with an ODR institution impaneled by an MII offers expedited, time-bound, and cost-effective procedures that may be suitable for small claims.

However, it is a relatively new procedure. There may not be real visibility on the arbitrator’s and conciliator’s names and qualifications until they are appointed. Moreover, the quality or subject-matter expertise of the conciliators or arbitrators may vary, since appointments through the ODR Portal are, in some cases, algorithm based.

Although the ODR Circular mechanism is newer, it may be beneficial that it provides for significantly shorter timeframes compared to a regular arbitration process. For instance, upon issuance/pronouncement of an award in an arbitral proceeding through the ODR Portal, the aggrieved party has to convey its intention to challenge the award under Section 34 of India’s Arbitration and Conciliation Act, 1996 (the “Arbitration Act”) within seven calendar days. The Arbitration Act permits an aggrieved party up to 120 days to file an application to set aside an arbitration award. In matters involving significant stakes and a large volume of documents, the aggrieved party may need more than seven days to decide whether to challenge an award. Therefore, the feasibility of such a timeline remains to be seen.

On the other hand, opting for an independent arbitration institution in India may come with its own benefits. It may be possible to avail oneself of the services of an emergency arbitrator for urgent interim relief, if permitted under the chosen rules of the arbitration institution. The parties also have the right to nominate their own arbitrators. Unlike the round-robin system in the ODR Circular mechanism, which robotically allocates one of the impaneled ODR institutions, the parties have the option to select an independent arbitration institution in India of their choice and preference.

Ultimately, the choice between utilizing the ODR Circular mechanism or opting for independent arbitration institutions has to be on a case-by-case basis, considering the claim amount involved, the familiarity and comfort of the parties, the associated costs, and the need for flexibility in timelines or adherence to strict timelines.

Conclusion

SEBI’s proactive approach in enhancing dispute resolution mechanisms reflects its commitment to safeguarding investor interests and fostering confidence in the Indian securities market. By providing investors with a choice between the ODR Portal and independent mediation, conciliation, and arbitration institutions, SEBI has recognised party autonomy and at the same time taken a significant step towards ensuring efficient and equitable resolution of disputes in the securities market.

1. Securities and Exchange Board of India, Arbitration Mechanism in Stock Exchanges, CIR/MRD/DSA/29/2010 (Issued on August 31, 2010). ↑

2. Securities and Exchange Board of India, Processing of investor complaints against listed companies in SEBI Complaints Redress System (SCORES), CIR/OIAE/2/2011 (Issued on June 3, 2011). ↑

3. Securities and Exchange Board of India, Investor Grievance Redressal Mechanism at Stock Exchanges, CIR/MRD/DSA/03/2012 (Issued on January 20, 2012). ↑

4. Securities and Exchange Board of India (Alternative Dispute Resolution Mechanism) (Amendment) Regulations, 2023, SEBI/LAD–NRO/GN/2023/137. ↑

5. Securities and Exchange Board of India, Online Resolution of Disputes in the Indian Securities Market, SEBI/HO/OIAE/OIAE_IAD-1/P/CIR/2023/131 (Issued on July 31, 2023). ↑

6. Securities and Exchange Board of India, Amendment to Circular dated July 31, 2023 on Online Resolution of Disputes in the Indian Securities Market, SEBI/HO/OIAE/OIAE_IAD-3/P/CIR/2023/191 (Issued on December 20, 2023). ↑

7. This option is available to the investors and regulated entities mentioned in Schedule B of the ODR Circular. ↑

8. December 20, 2023. ↑

Exhilarated. Exhausted. Ecstatic. Emotional. Multiple superlatives described my feeling upon reaching the summit of Mount Kilimanjaro—Uhuru Peak, elevation 19,341 feet, highest point in Africa and highest freestanding mountain in the world.

I had dreamt of this achievement for a number of years. However, I thought I had “aged” out of reaching this bucket list item. After some research, I learned that the average age for successfully hiking Mount Kilimanjaro was thirty-seven; however, there were climbers over age seventy, with the oldest being eighty-nine. So began the quest of celebrating my sixty-fifth birthday by taking on this challenge in 2024. Plus, as a lawyer who has been practicing nearly forty years, I viewed this adventure as a great way to recharge and re-energize.

Heidi McNeil Staudenmaier, a University of Iowa alum, showed her school pride at the summit of Mount Kilimanjaro. Image courtesy of Heidi McNeil Staudenmaier.

After several years of planning and training, the dream commenced for real by traveling to Tanzania in late June. After two days of acclimating and participating in community service projects in the city of Arusha, our all-woman team (eight were age thirtyish, one age forty, and then me, the “old lady” of sixty-five) was ready to go. My nine new “daughters” immediately started calling me Trail Mama. Our US guide was a twenty-six-year-old guy undertaking his first solo guided trip up Kilimanjaro, although he had made numerous summits since his teenage years. Plus, we had four lead Tanzanian guides who touted hundreds of summits under their belts. We proved to be in excellent hands.

We start our seven-day trek at the Machame Gate (6,800 ft. elevation), trudging up a muddy and winding trail in the shambas and montane rainforest boasting monkeys and numerous songbirds. After six hours and 3,000 feet of elevation gain, we reach the Machame Campsite (9,840 ft. elevation). Our wonderful Tanzanian porters transported our tents, sleeping gear, clothes, food, water, and other necessities up the mountain so we could enjoy a hot dinner after a challenging first day.

On Day Two, we spend six hours hiking out of the rainforest up a steep ridge, then through open moorlands and across a large gorge to reach the Shira Campsite (elevation of 12,450 ft.—another gain of 3,000). We’re now about as high as Humphreys Peak, which is the highest mountain in my adopted state of Arizona. On Day Three, we have a long climb to Lava Tower Ridgeline to reach 14,800 feet of elevation, followed by up and down trekking for eight hours to settle at Barranco Campsite for the night. The nights are getting colder and colder as we climb higher, so I appreciate having a hot water bottle to put in my zero-degree sleeping bag while camping on the frozen tundra ground. The early morning hot tea in my tent literally brings tears of joy and thanks. Many members of our team (including me) have a sleepless night, worrying about what awaits the next morning.

Day Four begins with much trepidation of hiking across the Barranco Valley and then having to climb up the treacherous Barranco Wall. The best advice from our guides: Don’t look down, and just hug the wall. Yeah, right. Happily, we all successfully navigate the Wall and continue to climb into and above the clouds. After five or six hours of trekking across the Karanga River Valley, we arrive at the Karanga Campsite (13,400 ft. elevation).

Day Five involves only five hours of hiking (3,000 elevation gain) up the ridge to Kosovo Campsite (16,076 ft. elevation). Summit Day looms large, and we need to prepare both mentally and physically for an early morning push to the crowning achievement.

Summit Day begins at 3:30 AM, with hot breakfast and final instructions/encouragement from our guides. We’re wearing literally every piece of warm clothing we brought along as we don our headlamps and cautiously make our way up the steep trail. We welcome the breathtaking sunrise at 6:30 AM, as well as the warmth accompanying the sun. There are many moments where I can’t catch my breath, or my heart is racing, or my headache is splitting from the high altitude. But I’m Iowa Stubborn and keep telling myself, “If you think you can, you can. If you think you can’t, you’re right” (something instilled by my junior high social studies teacher). We hit the first official summit (Stella, elevation 18,885 ft.) after nearly five hours. We celebrate and take countless photos. The crown jewel—Uhuru Summit—awaits at an elevation of 19,341 feet. An hour or less to go.

A recent snowstorm requires us to don micro-spikes on our hiking boots to traverse the ice and snow on the final ascent. Then, in a blink, we’re at the summit. We did it. It truly was an unreal feeling, and it took me several days to fully realize my accomplishment and that of my team. Only 60–65 percent of those who start the Kilimanjaro climb ultimately reach the summit. (Unfortunately, one of our team members had uncontrollable headaches and shortness of breath, and was unable to reach the summit.)

Staudenmaier (second from left, in yellow hat) made the trek to Uhuru Peak with an all-woman team, plus their guides and porters. Image courtesy of Heidi McNeil Staudenmaier.

After our summit accomplishment, we quickly descend nearly 7,000 feet, reaching Millennium Campsite (12,700 ft. elevation). Our descent off the mountain takes a different route than our ascent. Summit Day, although providing great elation, lasted twelve hours and expended most of our mental and physical energies. We complete the final descent on Day Seven, slogging through the muddy rainforest to exit through Mweka Park Gate. Our Tanzanian guides and porters celebrate our happy descent with lots of food, dance, and song.

Was it worth all the training, physical and mental “torture” of seven days on the mountain? Absolutely. Would I do it again? No way—unless perhaps I were age thirty again. But at age sixty-five, I’ll rest on my laurels and bask in the glow of my Kilimanjaro Official Summit Certificate. And I can enthusiastically state that I was indeed re-energized to get back into the practice of law again after recovering from the adventure.

This article is adapted from chapter 5 of Unjust Debts: How Our Bankruptcy System Makes America More Unequal by Melissa B. Jacoby (New Press, 2024).

Bankruptcy court is the busiest part of the federal judiciary. In theory, bankruptcy exists to cancel or restructure debts—a safety valve designed to provide a mechanism to restart lives and businesses that have experienced financial distress. Unjust Debts explores how an expansive interpretation of the national bankruptcy power falls short on its core functions while also unduly encroaching on other laws and policies, and calls for a more limited and effective bankruptcy system going forward.

On December 14, 2012, Adam Lanza killed twenty children and six adults at Sandy Hook Elementary School and then killed himself—all in a matter of minutes with a semiautomatic rifle made for military combat. Grieving families sued gun and ammunition maker Remington Outdoor Company. In pursuing wrongful death claims, coupled with punitive damage requests, representatives of the families told the press their goals were not remunerative: they wanted to publicize information about the marketing of deadly weapons and to prevent future harms.

Having overcome many hurdles, the Sandy Hook families were preparing for trial when Remington filed for Chapter 11. In its first bankruptcy a few years earlier, the company emerged having flushed over $600 million of debt. This time around, Remington had a different agenda: to sell itself, and fast.

When Congress passed the Bankruptcy Code in 1978, drafters envisioned a multistep process to sell an operating company through Chapter 11. That process gave control and governance rights to claimants of many kinds to help chart the company’s future and allocate its value. Remington, its lenders, and potential buyers preferred to follow a different script that has developed through practice, one that allows consequential decisions about the company to happen without creditor governance and voting or the raft of statutory requirements in the Bankruptcy Code. Buyers demand sale orders insulating them from responsibility for the seller’s alleged wrongdoing, no matter how profitable the company becomes under new ownership.

Remington is not an outlier. Today, powerful parties regularly use Chapter 11 for games of chicken. Dismantling the statutory package of benefits and obligations allows powerful parties to extract and divert the benefits of Chapter 11 for themselves, overriding many other laws in the process.

In 1978, when Congress enacted the Bankruptcy Code, giving companies latitude to reorganize was said to foster competition and preserve jobs, as well as promote equal treatment of similarly situated creditors. Because the new Bankruptcy Code defined “debt” broadly, Chapter 11 would sweep in liabilities arising from diverse legal doctrines far beyond contract law, including tort and statutory, regulatory, and constitutional law, and it could change claimants’ rights without their consent.

This power came with trade-offs. Creditors of all kinds would collaborate with the company on a restructuring plan. In addition to shared governance and creditor voting, the Chapter 11 package included responsibilities to investigate and potentially remedy wrongdoing. The threat and reality of these checks and balances, including the possibility of displacing management, were designed to make the system operate fairly for everyone.

Chapter 11 puts a thumb on the scale in favor of reorganization through provisions that boost the odds a troubled company will recover. Lenders that offer new financing to a financially distressed company can get legal protection unavailable in private transactions. The bankrupt company also gets to make decisions (subject to court review) about its ongoing contracts without counterparty consent.

Particularly if separated from the package deal, these Chapter 11 “boosters” create tension with federalism. If powerful parties can dislodge the perks of bankruptcy law from the checks and balances, a wide range of people are at risk of losing important legal protections, and other non-bankruptcy policies may be shortchanged. Quick sales risk overriding a wide range of state laws and initiatives, and expanding the reach of national law and federal courts.

If the Chapter 11 package is so important, why is that package unbundled on a regular basis? Money.

Section 364 of the Bankruptcy Code provides incentives for lenders to extend credit to a troubled company. The lender gets more assets of the bankruptcy estate as collateral to secure the loan and higher priority repayment rights. Backed by an enforceable federal court order, these loans involve government intervention that private credit markets value greatly. Section 364 was meant to attract lenders to compete to fund distressed but viable companies. Studies consistently show that these loans are profitable and extremely low risk.

Unfortunately, these loans too often are also financially extractive, reallocating value away from other creditors. What’s more, however, lenders frequently use the leverage of their position to unbundle the Chapter 11 package deal meant to protect all stakeholders, including refusing to fund investigations and other elements that promote the integrity of the process.

As noted earlier, Bankruptcy Code drafters envisioned sales of entire companies happening through a Chapter 11 plan approval process, with creditor voting. Yet, lenders commonly insist that the company sell itself quickly without voting or satisfying the requirements of a Chapter 11 plan. That dynamic is captured in a Wall Street Journal quotation: “More companies that wind up in bankruptcy court are facing a stark demand from their banks: sell yourself now.” Appellate courts have tolerated these practices if the company can articulate a good business reason. That approach invites sale advocates to recite a parade of horribles if their request is opposed or denied: value destroyed, jobs lost.

A purchaser in a quick Chapter 11 sale gets significant benefits because even the truncated process delivers what ordinary mergers and acquisitions do not: a federal court order blessing terms and offering finality. Under section 363(m) of the Bankruptcy Code, if the court has approved the sale and the transaction has closed, an appellate court cannot unwind the sale if it later finds it flawed.

That finality has broader ramifications for creditors, particularly when these sales generate few cash proceeds to satisfy their claims. The doctrine of successor liability in non-bankruptcy law typically determines when a buyer should be on the hook for obligations of the seller. The Bankruptcy Code does not say that quick going-concern sales override successor liability. Section 363(f) of the Bankruptcy Code identifies circumstances under which a buyer can take the assets free and clear of interests held by others in those assets. In bankruptcy law, the interest typically means property interest, such as a mortgage on a building, or equity interest, but not a claim held by a creditor. Yet, some appellate courts have adopted an expansive interpretation, overriding successor liability doctrine. The U.S. Court of Appeals for the Fourth Circuit relieved the buyer of a coal company from retired coal miners’ pension and health care benefits mandated by the federal Coal Act because the sale happened in bankruptcy. In TWA’s third bankruptcy, the airline aimed to sell itself quickly to American Airlines, which did not want to honor a settlement TWA had reached with flight attendants for pregnancy discrimination. In its objection, the federal government explained that the Bankruptcy Code did not authorize bankruptcy sales overriding federal antidiscrimination laws. The U.S. Court of Appeals for the Third Circuit blessed the sale and cited job saving and future employee benefits as rationales.

There are no guarantees that these sales save jobs, of course. Consider the Weinstein Company, the entertainment firm. It already was low on employees by the time it filed for Chapter 11 to sell itself quickly to a private equity firm. The company said the sale would save jobs, but the buyer made no binding commitment to keep the remaining employees. Indeed, seemingly at the buyer’s request, the company laid off more employees before the sale was finalized. Although one of the buyers of Remington, the gun and ammunition company, promised to rehire two hundred workers, the Wall Street Journal reported that it fired them in the interim, such that the workers lost their health benefits during the COVID-19 pandemic. Unbundled bankruptcies, which deviate from the package deal Congress prescribed, are themselves a gamble.

Although insulation from successor liability should lead to higher sale prices in theory, many scholars and commentators worry that this does not happen in reality, potentially undercompensating claimants for the protections they have lost in the process. Claimants may receive smaller recoveries from quick going-concern sales—either because the sale did not maximize value, or because the privately negotiated sale procedures distorted the distribution of the sale proceeds, or both. Lenders setting the timeline may not need or be seeking top dollar for the company in order to be fully compensated.

The unbundling of Chapter 11 also greatly affects ongoing contract rights. Chapter 11 gives companies considerable discretion over what to do with pending contracts, to maximize the benefits to the bankruptcy estate. The company can even assign some contracts to a third party without counterparty consent. The catch is that doing so is supposed to increase the feasibility of a business restructuring, or at least maximize the value of the bankruptcy estate. That’s why Congress gave a bankrupt company the right to override state contract law.

This rationale for this federal law of contracts, already rightly controversial, loses steam when a non-bankrupt private party can co-opt this power for its own benefit. And that’s very much a risk in these unbundled bankruptcy cases. Here’s an example: the Weinstein Company was a party to tens of thousands of contracts, many relating to intellectual property from films and television. To have a qualifying bid to compete with the stalking horse bidder to buy the company, other bidders were required to identify on a short timeline which contracts they wanted and how they would cure defaults. The stalking horse bidder, a private equity firm, was given a long period of time to decide, after the sale to it had been approved, which contracts it wanted and how much it was willing to pay. This process not only reduced the ability of others to submit competitive bids, but it also made it impossible to determine whether the contract decisions were in the best interest of The Weinstein Company bankruptcy estate as the law requires.

* * *

Congress built Chapter 11 to enable an overindebted company to stay in business if a company could persuade enough creditors to support its vision, reflected through voting and plan confirmation. The rights and obligations in the integrated Chapter 11 package were not intended to be frictionless; they were gateways to significant legal privileges. Dismantling Chapter 11 to facilitate a quick sale turns this federal law into a platform for dealmaking among the most powerful parties, allowing them to extract the law’s extraordinary perks without fulfilling federal law objectives.

The Mendes Hershman Student Writing Contest is a highly regarded legal writing competition that encourages and rewards law students for their outstanding writing on business law topics. Papers are judged on research and analysis, choice of topic, writing style, originality, and contribution to the literature available on the topic. The distinguished former Business Law Section Chair Mendes Hershman (1974–1975) lends his name to this legacy. Read the abstract of this year’s second-place winner, Samuel H. Hirsch of University of Miami School of Law, Class of 2025, below.

Over sixty years ago, the Supreme Court of Delaware suggested that absent suspicion of wrongdoing, directors of a Delaware corporation have no duty to set up procedures for gathering and responding to information about compliance with regulations. But over time, Delaware courts clarified that directors cannot simply turn a blind eye—they must keep themselves informed through systems designed to oversee regulated business activities. Recently, in the two-part decision In re McDonald’s Corp. Stockholder Derivative Litigation,^[1] the Delaware Chancery Court expanded the duty of oversight to officers but reinforced that these suits are difficult to win a judgment on. The expansion of oversight duties to officers will result in better corporate management as the risk of personal liability to directors and officers increases. Also, the decision clarified that the mission-critical standard for Caremark claims established in Marchand v. Barnhill^[2] is no longer the baseline; if directors and/or officers receive notice of any red flag, regardless of its mission-critical status, they are obligated to respond. Finally, a high hurdle to succeed on a Caremark claim will ensure corporate assets are not wasted.

1. In re McDonald’s Corp. S’holder Deriv. Litig. (McDonald’s I), 289 A.3d 343 (Del. Ch. 2023); In re McDonald’s Corp. S’holder Deriv. Litig. (McDonald’s II), 291 A.3d 652 (Del. Ch. 2023). ↑

2. Marchand v. Barnhill, 212 A.3d 805, 824 (Del. 2019). ↑

While the recent proliferation of comprehensive privacy laws enacted by at least eighteen states has dominated the news in the US, another development threatens to further impact companies operating websites accessed by California consumers—the recent wave of lawsuits and arbitration demands under the California Invasion of Privacy Act (CIPA).

Both large and small companies that operate websites California consumers visit have been receiving letters threatening litigation or arbitration. In many instances, these threats have materialized into actual lawsuits (including putative class actions) and arbitration proceedings. The CIPA allows for statutory damages of $5,000 per violation, which could pose significant financial risk to companies where claims of alleged violations are asserted on behalf of a class.

Why Are These Claims Being Filed Now?

The California Consumer Privacy Act (CCPA), amended by the California Privacy Rights Act (CPRA), pioneered broad privacy rights for consumers in the United States. Following California’s lead, more than a dozen states have enacted similar comprehensive privacy laws. However, most of these state laws, including California’s, do not provide a private right of action for violations except for data breaches under the CCPA. Critics argue that without a private right of action, these laws lack the necessary enforcement mechanisms to ensure compliance. In response, plaintiffs’ attorneys in California have sought alternative legal strategies.

One such strategy involves invoking the CIPA, a decades-old criminal statute enacted in 1967 to prevent eavesdropping on telephone calls. This approach represents a novel attempt to bypass the limitations of the CCPA by leveraging a law designed for different circumstances, thus giving it a modern application in the digital age. A significant issue underlying these lawsuits is whether the use of cookies and other website tracking technologies by companies constitutes a violation of individuals’ privacy rights.

What Is the Basis for These Claims?

The new CIPA cases focus on the alleged unlawful use of website tracking technologies, such as cookies, pixels, tags, and beacons, to collect and use personal information of people who visit these websites. Many of the lawsuits and arbitration demands center around a few key arguments.

Website tracking technologies are alleged to be unlawful “pen registers.” Plaintiffs allege that tracking technologies are used to “record” a user’s interactions with websites, which amounts to the use of a “pen register” or “trap and trace” device (although the bulk of the claims and related court decisions have focused on the definition of pen register rather than trap and trace). These technologies capture information, such as IP addresses, when users visit or leave a website, thereby recording “dialing, routing, addressing, or signaling information” transmitted from a device but not the content of the communication.^[1] Such activities, plaintiffs argue, amount to illegal pen registers under the CIPA.

Using tracking technologies without consent allegedly violates users’ right to privacy. Under California law, it is prohibited to use a pen register or trap and trace device without either a court order or explicit consent from the person being tracked.^[2] Plaintiffs allege that when websites deploy tracking technologies without obtaining consent beforehand, it constitutes a violation of the CIPA.

A frequently cited case in these lawsuits is Greenley v. Kochava.^[3] In this case, the court denied the defendant’s motion to dismiss and rejected the argument that a privacy company’s surreptitiously embedded software did not constitute a “pen register.”^[4] The court sided with the plaintiff, asserting that when software identifies consumers, gathers data, and correlates that data through unique “fingerprinting,” it constitutes a “process” through which a pen register can be deployed.^[5]

Despite many plaintiffs’ heavy reliance on Greenley, it is important to note that this case is still pending and has not yet set a definitive precedent on these legal points. Moreover, the specifics of Greenley distinguish it from many other claims. Defendant Kochava, a data broker, provided software development kits (SDKs) to its customers, meaning the data in question was not collected directly through Kochava’s own website but through software deployed on customers’ websites. Consequently, users who visited these websites were arguably unaware of the Kochava SDK’s presence, differentiating these circumstances from those involving direct website tracking.

This distinction is critical: it suggests that recent claims against website operators may not be directly analogous to Greenley. The indirect nature of data collection in Greenley, compared to direct website tracking claims, underscores how much each CIPA case may turn on its specific facts.

Recent Case Developments

Some companies have opted to settle these CIPA claims rather than litigate them. However, it is crucial to understand that settling early with one claimant does not shield a company from subsequent similar claims and could have the unintended consequence of inviting future lawsuits by plaintiffs’ counsel. For those who have chosen to fight, preliminary rulings have been mixed, and no claim has yet been fully litigated to final judgment.

Two significant cases in this area are Licea v. Hickory Farms^[6] and Levings v. Choice Hotels,^[7] both in the Los Angeles County Superior Court and involving nearly identical claims regarding defendants’ use of website tracking technologies. These cases, filed by the same law firm, have seen divergent outcomes in their initial rulings.

In Licea, the court sustained Hickory Farms’ demurrer, concluding that the plaintiff failed to demonstrate the use of a “pen register.”^[8] The court distinguished this case from Greenley partly by disagreeing that tracking IP addresses was analogous to the unique digital “fingerprinting” involved in Greenley.

Conversely, in Levings, the court overruled Choice Hotels’ demurrer, finding that the defendant had “‘deployed a software device and process’ which first recorded the information transmitted by Plaintiff’s device, and then used that information to install tracking code on Plaintiff’s device.” ^[9] The court found this sufficient to describe the use of a pen register as defined under California law.^[10]

A key difference between these cases is their treatment of consent and the argument that voluntarily visiting a website implies consent to the use of website tracking technologies, even if such technologies are considered pen registers.

In Licea, the court indicated that even if the tool used to capture user information qualified as a pen register, the argument that users implied consent by visiting the website—where an IP address may be voluntarily disclosed—was persuasive. The court referenced prior cases such as Heeger v. Facebook, Inc.^[11] and U.S. v. Forrester^[12] to support this view.^[13]

In contrast, the court in Levings rejected the notion that simply visiting a website constitutes implied consent to collection of information. The court stated that accepting this argument “would allow the exception to swallow the rule whole.”^[14]

Given that neither case has progressed to a final judgment, defendants in other suits face potentially contradictory rulings on two critical issues:

• whether internet tracking tools qualify as pen registers
• whether visiting a website constitutes consent for the collection of user information

In Licea, the court expressed concern about the broader implications of interpreting web tracking technologies as pen registers, which could render nearly every online entity a potential criminal violator. The court noted that “public policy strongly disputes Plaintiff’s potential interpretation of privacy laws as one rendering every single entity voluntarily visited by a potential plaintiff, thereby providing an IP address for purposes of connecting the website, as a violator. Such broad-based interpretation would potentially disrupt a large swath of internet commerce without further refinement as [to] the precise basis of liability.”^[15] This point is potentially a harbinger of the debate that will escalate as more restrictions on website data gathering are considered by the courts and legislatures.

The preliminary rulings in Licea and Levings highlight the complex and evolving nature of privacy litigation in California. Companies must stay informed and be proactive in managing their compliance with privacy laws to mitigate risks associated with these legal challenges.

What Can Companies Do Now, Even If They Haven’t Yet Received a Complaint or Arbitration Demand?

As courts continue to grapple with whether website tracking technologies qualify as pen registers and whether visiting a website implies consent for data collection, companies must proactively review their technology and compliance practices.

Many US state laws, starting with California, include specific rules regarding the notices companies must provide on their websites, how they can use consumers’ information, and how such information can lawfully be shared with third parties. Companies should begin by ensuring that their websites and notices (e.g., website privacy policies) comply with the various states’ data protection laws.

Beyond legal compliance, companies should assess whether they are truly transparent about their website tracking technologies. For instance, does the company’s privacy notice include comprehensive information about cookies and tracking technologies, including which ones are used and how users can block them or opt out?

If possible, companies should consider deploying an opt-in mechanism for tracking technologies for California users. One of the key considerations in the cited cases is whether visiting a website constitutes consent for data collection. By asking for explicit consent (i.e., an opt-in for tracking technologies like cookies), companies could potentially provide an affirmative defense against allegations that an unlawful pen register was deployed, as consent is an exception to the prohibition on the use of pen registers.

Regardless, companies should remain vigilant for threatening letters, demands for arbitration, and service of claims related to the CIPA. Plaintiffs’ firms do not appear to discriminate based on company size or industry. If a company operates a website in the US and California consumers visit it, it is a potential target.

1. Ca. Pen. Code § 638.50. ↑

2. Ca. Pen. Code § 638.51. ↑

3. 684 F. Supp. 3d 1024 (S.D. Cal. 2023). ↑

4. Id. at 1050. ↑

5. Id. ↑

6. No. 23STCV26148, 2024 WL 1698147 (Cal. Super. L.A. Cnty. Mar. 13, 2024). ↑

7. No. 23STCV28359, 2024 WL 1481189 (Cal. Super. Ct. L.A. Cnty. Apr. 3, 2024). ↑

8. Licea, 2024 WL 1698147, at *4. ↑

9. Levings, 2024 WL 1481189, at *2. ↑

10. Id. ↑

11. 509 F. Supp. 3d 1182, 1190 (N.D. Cal. 2020). ↑

12. 512 F.3d 500, 510 (9th Cir. 2008). ↑

13. Licea, 2024 WL 1698147, at *4. ↑

14. Levings, 2024 WL 1481189, at *2. ↑

15. Licea, 2024 WL 1698147, at *4. ↑

Historically, blue-collar businesses, ranging from heating and cooling companies to porta-potty rentals, have been owned by workers who already knew their industries well. However, amid a looming recession and an abundance of layoffs in the tech and finance industries, there are new players purchasing (and running) these businesses: MBA-educated, former Wall Street, and former private equity professionals. This new trend, referred to as “Entrepreneurship Through Acquisition” (ETA), allows these graduates from top business school programs to become their own bosses with lower risk, gaining back valuable time and autonomy.

Many M&A attorneys are accustomed to large corporate clients or private equity firms purchasing businesses, so working with this new “independent searcher” buyer demographic can come with its own set of challenges. As this demographic continues to grow, here’s what M&A attorneys should know.

What’s Driving the Shift in the Small Business M&A Market?

Given the volatile nature of the job market, many white-collar professionals are ditching the traditional track of climbing the corporate ladder in favor of becoming small business owners instead. Customers may cut back on tech services during a recession, after all, but a burst water pipe will always require a plumber regardless of economic conditions.

While many of these workers are attracted to seemingly more stable career opportunities and the allure of becoming their own bosses, they also see significant opportunity in the upcoming “Great Wealth Transfer” from baby boomers to subsequent generations. As Walker Deibel highlights in Buy Then Build: How Acquisition Entrepreneurs Outsmart the Startup Game, $7 billion worth of small and medium businesses currently held by baby boomers will be available for purchase by 2030—meaning that there’s huge market potential.

How Firms Can Best Attract and Serve ETA Buyers

Billing Considerations

A significant part of attracting and serving ETA buyers comes down to understanding their financial situation, including budgetary constraints. That’s why, when it comes to catering to the unique needs of ETA buyers, offering alternative billing and fee arrangements can be essential. Unlike the traditional buyer, ETA buyers are often “self-funded searchers.” That means they’re actively looking for a business to purchase without the help of an investor, while simultaneously covering the costs of their own living expenses. As a result, they may be strapped for cash.

To better accommodate ETA buyers with tight budgets, creative billing structures like fixed-fee or delayed-fee billing can help by giving buyers a better sense of how to budget their legal expenses—without worrying about unexpected bills piling up.

Rules and Regulations

Attorneys should also be aware of common rules and regulations that pertain specifically to ETA buyers. Many ETA buyers, for example, choose to pursue Small Business Administration (SBA) loans, leveraging a combination of debt and equity for business acquisitions. A 2023 study found 58 percent of all self-funded searchers received funding through the SBA’s 7(a) loan. These loans often come with strict regulations and requirements.

One of the most critical regulations attorneys should consider pertains to personal guarantees. Individuals with 20 percent or more ownership in a business must sign an unconditional personal guarantee, which allows the lender to recover a loan’s full outstanding balance from the borrower. Self-funded searchers also must provide minimum equity injections to both mitigate risk and demonstrate dedication to the project. These minimum equity injections are often up to 10 percent of the total project cost.

In addition to regulations specific to self-funded searchers, the SBA’s standard eligibility requirements are applicable. There may be restrictions on business size, the nature of the business, and more. Attorneys can help advise ETA buyers on funding eligibility, proactively discussing any requirements that may impact risks or costs incurred by the borrower.

Due Diligence

With much less industry and business ownership experience, it’s essential that attorneys provide thorough third-party due diligence for ETA clients. This may involve a more rigorous review of financial statements, as well as important documents that M&A lawyers may not be accustomed to with their larger clients.

Due diligence is particularly important because ETA buyers are funding their own search. Without a robust financial safety net, unforeseen risks and liabilities could be detrimental. That’s where a great attorney comes in!

Common Pitfalls Attorneys Should Consider

There are risks involved when working with ETA buyers that attorneys can both monitor for and warn their clients about.

Loss of Key Relationships

The first common pitfall is the potential loss of clients or suppliers following a business purchase. Supplier or client loss is particularly common in small businesses that are deeply involved in their local communities, where personal relationships carry significant weight. Working closely with the seller to transition client and supplier relationships may help prevent this, especially when facilitated with proactive communication, early introductions, and joint meetings.

Seller Competition

Some sellers will aid in creating a smooth transition, but ETA buyers and their attorneys should also consider the risk of seller competition. The seller has already built one thriving business worth purchasing, and they’re walking away with extensive industry knowledge, experience, and contracts. They could take their post-sale cash reserves and start a new competing business. To prevent this, attorneys should advise their clients to put a noncompete agreement in the sale contract.

***

Working with ETA buyers can come with a learning curve, especially for attorneys accustomed to working with large corporate buyers or search funds. Attorneys looking to cater to this new business buyer demographic should be aware of their unique needs and adapt their practice accordingly. While this may seem like more effort is involved, I’ve found that it’s well worth it: helping business buyers break out of the corporate cycle to become their own bosses can be incredibly rewarding work.

It takes a village to prepare and file a customs entry. Importers rely on information they receive from vendors and their attorneys, licensed customs brokers, and consultants to ensure that reasonable care is exercised and their goods are properly entered. This multifaceted approach to compliance is a reflection of the very nature of the international transaction. The customs broker combines information from the transportation documents, commercial invoice, packing list, origin declarations, product specifications, etc., into its automated systems to transmit the entry information to U.S. Customs and Border Protection (CBP). This village is now electronic, with parties along the supply chain submitting electronic records that are ultimately processed by the customs broker’s systems to prepare and file an entry. This village is also regulated: no person or entity may conduct “customs business” on behalf of another without a valid customs broker’s license.^[1] CBP’s current interpretation of “customs business,” however, throws into confusion whether the preparation and transmission of the information associated with ordinary international trade activities could be considered unlawful.

As the U.S. Court of International Trade observed in a 2008 case, the “definition of ‘Customs business’ is very broad.”^[2] First, customs business includes “transactions with the Customs Service” as well as “activities involving transactions with the Customs Service.”^[3] Second, customs business includes preparing documents intended to be filed with the Customs Service, as well as any activities related to preparing documents to be filed with the Customs Service.

In interpreting the term “customs business,” however, CBP has applied a logic that, if taken to its logical conclusion, would threaten the legality of the collaboration many importers use to assure compliance and to create efficiencies in the international supply chain. This does not seem to serve the interests of the companies involved in international trade, the customs brokers who facilitate these activities, or CBP. The compliance-oriented interpretation of “customs business” that CBP developed for large corporations in its rules on “corporate compliance activities,” however, presents an alternative that could be applied to the activities of smaller businesses.

***

CBP has seemingly departed from the statutory requirement that the definition of customs business is focused on the preparation of the information or documentation that is to be filed with CBP. For example, in preparing a customs entry, the imported goods must be classified under the correct provision of the Harmonized Tariff Schedule of the United States (HTSUS), an exercise that requires some training and skill. Generally, it is the manufacturer of the goods that has the knowledge of the detailed information required to arrive at the correct tariff classification. CBP has determined, however, that the provision of an HTSUS classification is “customs business” if a “possibility exists that the . . . classification information . . . will end up on the entry.”^[4] CBP relied on this concept in a 2022 customs ruling to determine that it would be unlawful for a supplier—the party arguably in the best position to determine the classification of an item under the HTSUS—to provide its customers with the classification for its merchandise.^[5] In the ruling, CBP appears to suggest that providing a tariff classification is tantamount to preparing documents intended to be filed with CBP on the basis that the provision of a tariff classification is “giving advice about how to classify a good,” which is a “necessary part” of preparing documents that will be filed with CBP.^[6] This determination subjects the supplier to penalty for engaging in those activities.

This raises the question as to whether to merely print the tariff classification on the invoice—a common practice in international trade—would be the unlawful practice of customs business. Similarly, since “activities involving . . . valuation” are included in the definition of customs business,^[7] and since the price paid or payable for the merchandise when sold for export to the United States is generally the value stated on the invoice, would placing a value on an invoice also be customs business?^[8] In fact, since the commercial invoice is prepared with intent that it be filed with CBP, then CBP’s recent interpretation of “customs business” would seem to suggest that the generation of a commercial invoice for a customer may be considered customs business. Since customs entries include information about the transportation that was involved in bringing the goods to the United States, would the preparation of these documents also be customs business?

CBP has already determined that the gathering of some of this information by an unlicensed person is “customs business.” In a December 2023 customs ruling, CBP determined that using foreign persons to enter information from the various commercial invoices, packing lists, shipping documents, and other documents used in international transactions into an Automated Broker Interface (ABI) system constituted unlicensed customs business activities.^[9] While this decision is reasonably supported by the fact that using an ABI system—a system that is specifically designed for the preparation and filing of customs entries—is directly related to preparing “documents” and the related information for transmission to CBP, this interpretation raises questions that may need to be resolved in separate rulings. For example, as mentioned above, preparing new entry documents involves accumulating information from different sources. CBP could determine that using EDI (electronic data interchange) to transmit the invoice or bill of lading information to a customs broker for use in the preparation of the customs entry is customs business, as it is known that the information will later be transmitted to CBP. What if an unlicensed service provider receives those transmissions and consolidates the information for transmission to the customs broker?

For large corporations, CBP has developed a regulatory framework that resolves many of these problems. Importers are obligated to exercise “reasonable care” in the preparation of a customs entry. The responsibility of “reasonable care” includes seeking the advice of parties with specific, or expert, knowledge, including consultation with unlicensed persons.^[10] The types of “unlicensed persons” an entity can consult with to ensure it has undertaken “reasonable care” in describing and/or classifying merchandise are “experts,” such as attorneys, licensed customs brokers, or customs consultants. In 2002 and 2003, large corporations approached CBP about centralizing their compliance activities. After several rulings that found it to be the unlicensed practice of customs business when one corporation performed compliance activities for other corporations within the corporate group, CBP crafted a rule that removed “corporate compliance activities” from the definition of “customs business,” drawing on the “reasonable care” concept.^[11] “Corporate compliance activity” is defined as:

[an] activity performed by a business entity to ensure that documents for a related business entity or entities are prepared and filed with CBP using “reasonable care”, but such activity does not extend to the actual preparation or filing of the documents or their electronic equivalents.^[12]

In other words, “corporate compliance activity” allows one company in a corporate group to conduct some customs business for other businesses within the group, even if the company providing those service is not licensed. In the words of CBP, the company providing these “corporate compliance activities” may “conduct any activities mentioned in the definition of ‘customs business,’ other than the actual preparation and filing of documents, so long as those activities fall within the definition of ‘corporate compliance activity.’”^[13]

This description of “corporate compliance activity” allows these companies to do nearly anything that is considered to be “customs business” when performed by an unrelated party. Only those activities that involve the actual preparation and filing of documents with CBP are excluded from corporate compliance activities. The final rule on “corporate compliance activity” states the following:

The proposed definition of “corporate compliance activity,” which precludes the “actual preparation or filing of the documents or their electronic equivalents,” . . . is intended to emphasize that the documents in question are those that will be filed with CBP. Therefore, any work performed in anticipation of document preparation, including the gathering and organizing of information and its recordation on background paperwork, will be allowed under this provision.^[14]

There is no statutory reason to adopt these requirements when the importing entity is part of a corporate group but not when the importer is an independent business. Yet CBP’s rulings draw this distinction, placing independent importers at a disadvantage as compared to competing importers that are part of a group of companies and may use unlicensed persons from one company to provide advice to the importing entity.

CBP has made significant investments in technology to gain visibility in the movement of goods through supply chains and their importation into the U.S. The international trade community is attempting to adjust to this reality by developing mechanisms to electronically bring together information from the various parties involved in the supply chain. CBP’s interpretation of “customs business” threatens to stifle these innovations in a manner that is not in the interest of CBP or the international trade community, nor does this interpretation serve the purpose of the customs broker statute. Expanding the concept of “corporate compliance activities” to include all such activities, regardless of the relationships between the parties, could go a long way toward recognizing modern business practices and encouraging compliance, while also serving the purpose of the customs broker statute.

1. “Customs business” is defined as “those activities involving transactions with U.S. Customs and Border Protection concerning . . . classification and valuation. . . . It also includes the preparation of documents or forms in any format and the electronic transmission of documents, invoices, bills, or parts thereof, intended to be filed with U.S. Customs and Border Protection . . . [of merchandise] or activities relating to such preparation, but does not include the mere electronic transmission of data received for transmission to Customs. No person may conduct customs business on behalf of another unless they hold a valid customs broker’s license.” 19 U.S.C. § 1641(a)(2) (emphasis added). ↑

2. Delgado v. United States, 581 F. Supp. 2d 1326 (Ct. Int’l Trade 2008) (examining, in dicta, the definition of “customs business” in the context of a proceeding to revoke a broker’s license). ↑

3. Id. ↑

4. HQ 115248 (Aug. 28, 2001). ↑

5. HQ H290535 (Sept. 29, 2022). ↑

6. Id. citing HQ 115278. ↑

7. 19 U.S.C. § 1641(a)(2). ↑

8. Id. ↑

9. HQ H326926 (Dec. 19, 2023). ↑

10. CBP, What Every Member of the Trade Community Should Know: Reasonable Care—An Informed Compliance Publication (Sept. 2017), last visited Jul. 29, 2024. ↑

11. 68 Fed. Reg. 47455 (Aug. 11, 2003). ↑

12. 19 C.F.R. §111.1 (emphasis added). ↑

13. 68 Fed. Reg. at 47456. ↑

14. Id. at 47457. ↑

A Texas federal court dismissed the lawsuit of the Federal Trade Commission (FTC) against private equity (PE) firm Welsh, Carson, Anderson & Stowe (Welsh Carson), while allowing to proceed the agency’s challenge against U.S. Anesthesia Partners (USAP), in a case challenging a series of acquisitions of anesthesia providers.^[1]

Background

Rather than directly employ anesthesiologists, many hospitals contract with outside anesthesiologists or anesthesia groups to ensure around-the-clock access to anesthesia services. In 2012, Welsh Carson created USAP, which began to buy other anesthesia practices in Texas, eventually owning at least fifteen practices. According to the FTC’s complaint, USAP would add each acquired practice to its existing insurance contracts and thereby raise the rates of the newly acquired practices’ services to match its own higher reimbursement rates.^[2] Today, USAP “handles nearly half of all hospital-only anesthesia cases in Texas, and earns almost 60% of all hospital anesthesia revenue paid by Texas insurers, employers, and patients.”^[3]

When Welsh Carson formed USAP, it owned 50.2 percent of the company and chose company leadership. In 2017, the firm sold half of its stake in USAP.^[4] Since then, one of the firm’s funds has owned 23 percent of USAP and had the right to appoint two of USAP’s fourteen board members.^[5]

In September 2023, the FTC sued Welsh Carson and USAP, claiming that they engaged in anticompetitive practices to monopolize Texas’ anesthesiology.^[6] Allegedly, “Welsh Carson masterminded the plan for USAP to roll up markets across Texas and inflate prices,” with the FTC pointing to internal communications at Welsh Carson where the firm allegedly bragged about being USAP’s “primary architect.”^[7] From the FTC’s perspective, Welsh Carson’s minority ownership in USAP was no shield from liability because there is nothing to “prevent Welsh Carson from re-upping its investment in USAP, retaking formal control of the company, and directing yet more anticompetitive acquisitions.”^[8] The FTC also pointed to Welsh Carson’s duplication of its anesthesiology consolidation strategy in the radiology market as evidence the firm would continue its anticompetitive practices.

The FTC claimed that it was entitled to an injunction under Section 13(b) of the FTC Act. Section 13(b) provides that when the FTC has reason to believe “that any person, partnership, or corporation is violating, or is about to violate, any provision of law enforced by the [FTC],” it may sue in federal district court to enjoin those practices.^[9] Welsh Carson and USAP each moved to dismiss the claims against them.

The Court’s Decision

First, in granting the motion to dismiss for Welsh Carson, the court ruled that the FTC did not adequately allege that Welsh Carson is currently violating antitrust laws. The court acknowledged that an acquisition of assets in a company may subject one to liability for monopolization or an unlawful transaction that may substantially lessen competition.^[10] Welsh Carson, however, owns only 23 percent of USAP, and the FTC did not “cite[] a case in which a minority, noncontrolling investor—[regardless of how] hands-on—is liable under Section 13(b) because the company it partially owned made anticompetitive acquisitions.”^[11] In contrast, in denying the motion to dismiss for USAP, the court stated that USAP’s alleged continued acquisitions and dominance in the state’s anesthesiology market “constitute ongoing activity and plausibly contribute to the monopoly power and unfair competition that the FTC’s complaint alleges.”^[12]

Second, the court ruled that the FTC did not adequately allege that Welsh Carson is about to violate antitrust laws. As stated, the FTC argued that nothing prevents Welsh Carson from again becoming a controlling investor in USAP and directing anticompetitive acquisitions. The court disposed of this by pointing out that “the mere capacity to do something does not meet the requirement that the thing is likely to recur.”^[13] And the fact that USAP is continuing its alleged anticompetitive practices “goes to USAP’s violations, not Welsh Carson’s.”^[14] The court also acknowledged that Welsh Carson seeks to replicate its strategy in other health care markets, but “comments from Welsh Carson executives indicating a desire to consolidate other healthcare markets do not show that Welsh Carson is about to violate antitrust laws.”^[15]

Takeaways

Governance separation matters. Welsh Carson was a minority, noncontrolling investor. It controlled only two of USAP’s fourteen board seats. This gave the firm the meaningful separation from USAP it needed. Firms should be mindful that courts will examine the extent of board control no matter how “hands-on” or “hands-off” the investor is regarding operations.

The FTC is concerned about serial acquisitions. The agency’s December 2023 merger guidelines provide that the agency will “examin[e] both the firm’s history and current or future strategic incentives” by evaluating “documents and testimony reflecting [the firm’s] plans and strategic incentives both for the individual acquisitions and for its position in the industry broadly.”^[16] In the FTC’s press release after filing the lawsuit, FTC Chair Lina M. Khan remarked that the “FTC will continue to scrutinize and challenge serial acquisitions, roll-ups, and other stealth consolidation schemes.”^[17] Firms should ensure that procompetitive effects from or reasons for strategies are spelled out in their business development and strategy documents. Firms should assume that that their informal and formal comments will be interpreted skeptically by antitrust authorities. Accordingly, documents discussing the acquisition pipeline or strategy, for example, should be factual and not overstate the plan as one to roll-up, control, or own an entire market or geography.

Consult an expert. Commercial arrangements with competitors that, in any way, implicate rates, prices, production levels, or information regarding same should be carefully reviewed with antitrust counsel.

Acquisitions in health care put agencies on heightened alert. The FTC’s complaint is replete with references to Welsh Carson’s involvement in health care. This concern extends to the states as well. For instance, in February 2024, USAP reached an agreement with Colorado Attorney General Phil Weiser that required it to divest and pay monetary relief.^[18] Weiser remarked that “[w]hen private equity gets involved in health care with a focus on raising prices to make a quick buck, bad things happen for consumers.”^[19] Firms investing in markets related to health care should be aware that federal and state agencies are looking out for serial acquisitions in the sector.

1. No. 4:23-cv-03560, 2024 WL 2137649 (S.D. Tex. May 13, 2024). ↑

2. Id. at *1. ↑

3. Id. at *2. ↑

4. Id. at *3. ↑

5. Id. ↑

6. See Complaint, FTC v. U.S. Anesthesia Partners, Inc., No. 4:23-cv-03560 (S.D. Tex. Sept. 21, 2023). ↑

7. Id. at *93. ↑

8. Id. at *94. ↑

9. 15 U.S.C. § 53(b). ↑

10. FTC v. U.S. Anesthesia Partners, No. 4:23-CV-03560, 2024 WL 2137649, at *4 (S.D. Tex. May 13, 2024). ↑

11. Id. at *5. ↑

12. Id. at *8. ↑

13. Id. at *6. ↑

14. Id. at *5. ↑

15. Id. at *6. ↑

16. U.S. Dep’t of Just., 2023 Merger Guidelines 23 (2023). ↑

17. Press Release, Fed. Trade Comm’n, FTC Challenges Private Equity Firm’s Scheme to Suppress Competition in Anesthesiology Practices Across Texas (Sept. 21, 2023). ↑

18. Press Release, Colo. Off. of the Att’y Gen., Private Equity-Run U.S. Anesthesia Partners to End Colorado Health Care Monopoly under Agreement with Attorney General Phil Weiser (Feb. 27, 2024). ↑

19. Id. ↑

On May 17, 2024, Colorado enacted SB 205, broadly regulating the use of high-risk artificial intelligence systems to protect consumers from unfavorable and unlawful differential treatment. The bill, which requires compliance on or after February 1, 2026, declares that both developers and users of high-risk artificial intelligence systems must comply with extensive monitoring and reporting requirements to demonstrate reasonable care has been taken to prevent algorithmic discrimination. A violation of the requirements set forth in Colorado SB 205 constitutes an unfair trade practice under Colorado’s Consumer Protection Act.

What Is an Artificial Intelligence System?

Colorado SB 205 defines “artificial intelligence system” as “any machine-based system that, for any explicit or implicit objective, infers from the inputs the system receives how to generate outputs, including content, decisions, predictions, or recommendations, that can influence physical or virtual environments.”

The artificial intelligence system becomes “high risk” when it is deployed to make, or is a substantial factor in making, a consequential decision that has a material legal or similarly significant effect on the provision or denial to any consumer of, or the cost or terms of: (a) education enrollment or an education opportunity; (b) employment or an employment opportunity; (c) a financial or lending service; (d) an essential government service; (e) health-care services; (f) housing; (g) insurance; or (h) a legal service.

A high-risk artificial intelligence system does not include, among others, technology that communicates with consumers in natural language for the purpose of providing users with information, making referrals or recommendations, and answering questions and is subject to an accepted use policy that prohibits generating content that is discriminatory or harmful.

Affirmative Obligations for Developers

Colorado SB 205 requires a developer of a high-risk artificial intelligence system to make available to the deployer, or user of the artificial intelligence system:

1. A general statement describing the reasonably foreseeable uses and known harmful or inappropriate uses of the high-risk artificial intelligence system;
2. Documentation disclosing:
   1. High-level summaries of the type of data used to train the high-risk artificial intelligence system;
   2. Known or reasonably foreseeable limitations of the high-risk artificial intelligence system, including known or reasonably foreseeable risks of algorithmic discrimination arising from the intended uses of the high-risk artificial intelligence system;
   3. The purpose of the high-risk artificial intelligence system;
   4. The intended benefits and uses of the high-risk artificial intelligence system; and
   5. All other information necessary to allow the deployer to comply with the requirements of Section 6-1-1703 [Deployer Duty to Avoid Algorithmic Discrimination];
3. Documentation describing:
   1. How the high-risk artificial intelligence system was evaluated for performance and mitigation of algorithmic discrimination before the high-risk artificial intelligence system was offered, sold, leased, licensed, given, or otherwise made available to the deployer;
   2. The data governance measures used to cover the training datasets and the measures used to examine the suitability of data sources, possible biases, and appropriate mitigation;
   3. The intended outputs of the high-risk artificial intelligence system;
   4. The measures the developer has taken to mitigate known or reasonably foreseeable risks of algorithmic discrimination that may arise from the reasonably foreseeable deployment of the high-risk artificial intelligence system; and
   5. How the high-risk artificial intelligence system should be used, not be used, and be monitored by an individual when the high-risk artificial intelligence system is used to make, or is a substantial factor in making, a consequential decision; and
4. Any additional documentation that is reasonably necessary to assist the deployer in understanding the outputs and monitor the performance of the high-risk artificial intelligence system for risks of algorithmic discrimination.

Affirmative Obligations for Deployers

Colorado SB 205 requires deployers of a high-risk artificial intelligence system to use reasonable care to protect consumers from any known or reasonably foreseeable risks of algorithmic discrimination. Reasonable care is demonstrated by the deployer’s implementation of a risk management policy and program governing the deployment of the high-risk artificial intelligence system, completion of an annual impact assessment, and disclosure to consumers when they are interacting with an artificial intelligence system or when the system has made a decision adverse to the consumer’s interests.

Risk Management Policy and Program

The risk management policy and program must be “an iterative process planned, implemented, and regularly and systematically reviewed and updated over the life cycle of a high-risk artificial intelligence system, requiring regular, systematic review and updates.” It must incorporate the principles, processes, and personnel that the deployer uses to identify, document, and mitigate known or reasonably foreseeable risks of algorithmic discrimination.

The risk management policy and program must be reasonable considering:

1. (a) The guidance and standards set forth in the latest version of the “Artificial Intelligence Risk Management Framework” published by the National Institute of Standards and Technology in the United States Department of Commerce, Standard ISO/IEC 42001 of the International Organization for Standardization, or another nationally or internationally recognized risk management framework for artificial intelligence systems, if the standards are substantially equivalent to or more stringent than the requirements of [the bill]; or (b) Any risk management framework for artificial intelligence systems that the Attorney General, in the Attorney General’s discretion, may designate;
2. The size and complexity of the deployer;
3. The nature and scope of the high-risk artificial intelligence systems deployed by the deployer, including the intended uses of the high-risk artificial intelligence systems; and
4. The sensitivity and volume of data processed in connection with the high-risk artificial intelligence systems deployed by the deployer.

Impact Assessment

An impact assessment must be completed annually and within ninety days after any intentional and substantial modification to the high-risk artificial intelligence system is made available. The impact assessment must include, at a minimum, and to the extent reasonably known by or available to the deployer:

1. A statement by the deployer disclosing the purpose, intended use cases, and deployment context of, and benefits afforded by, the high-risk artificial intelligence system;
2. An analysis of whether the deployment of the high-risk artificial intelligence system poses any known or reasonably foreseeable risks of algorithmic discrimination and, if so, the nature of the algorithmic discrimination and the steps that have been taken to mitigate the risks;
3. A description of the categories of data the high-risk artificial intelligence system processes as inputs and the outputs the high-risk artificial intelligence system produces;
4. If the deployer used data to customize the high-risk artificial intelligence system, an overview of the categories of data the deployer used to customize the high-risk artificial intelligence system;
5. Any metrics used to evaluate the performance and known limitations of the high-risk artificial intelligence system;
6. A description of any transparency measures taken concerning the high-risk artificial intelligence system, including any measures taken to disclose to a consumer that the high-risk artificial intelligence system is in use when the high-risk artificial intelligence system is in use; and
7. A description of the post-deployment monitoring and user safeguards provided concerning the high-risk artificial intelligence system, including the oversight, use, and learning process established by the deployer to address issues arising from the deployment of the high-risk artificial intelligence system.

The impact assessment must also include a statement disclosing the extent to which the high-risk artificial intelligence system was used in a manner that was consistent with or varied from the developer’s intended uses of the high-risk artificial intelligence system. A deployer must maintain the most recently completed impact assessment, all records concerning each impact assessment, and all prior impact assessments, if any, for at least three years following the final deployment of the high-risk artificial intelligence system.

Notice to Consumer

On and after February 1, 2026, and no later than the time that a deployer deploys a high-risk artificial intelligence system to make, or be a substantial factor in making, a consequential decision concerning a consumer, the deployer must:

1. Notify the consumer that the deployer has deployed a high-risk artificial intelligence system to make, or be a substantial factor in making, a consequential decision before the decision is made;
2. Provide to the consumer a statement disclosing the purpose of the high-risk artificial intelligence system and the nature of the consequential decision; the contact information for the deployer; a description, in plain language, of the high-risk artificial intelligence system; and instructions on how to access the statement . . . ; and
3. Provide to the consumer information, if applicable, regarding the consumer’s right to opt out of the processing of personal data concerning the consumer for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. . . .

The deployer must also comply with substantial notice requirements if the high-risk artificial intelligence system makes a consequential decision that is adverse to the consumer and allow the consumer to appeal or correct any incorrect personal data that the high-risk artificial intelligence system processed in making the decision.

If a deployer deploys a high-risk artificial intelligence system and subsequently discovers that the high-risk artificial intelligence system has caused algorithmic discrimination, the deployer, without unreasonable delay, but no later than ninety days after the date of the discovery, must send to the Attorney General, in a form and manner prescribed by the Attorney General, a notice disclosing the discovery.

A deployer who uses a high-risk artificial intelligence system that is intended to interact with consumers must ensure it discloses to each consumer who interacts with the artificial intelligence system that the consumer is interacting with an artificial intelligence system. Disclosure is not required under circumstances in which it would be obvious to a reasonable person that the person is interacting with an artificial intelligence system.

Website Disclosures

A developer must make available, in a manner that is clear and readily available on the developer’s website or in a public use case inventory, a statement summarizing:

1. The types of high-risk artificial intelligence systems that the developer has developed or intentionally and substantially modified and currently makes available to a deployer or other developer; and
2. How the developer manages known or reasonably foreseeable risks of algorithmic discrimination that may arise from the development or intentional and substantial modification of the types of high-risk artificial intelligence systems described in accordance with [the above].

Similarly, a deployer must also make available on its website a statement summarizing:

1. The types of high-risk artificial intelligence systems that are currently deployed by the deployer;
2. How the deployer manages known or reasonably foreseeable risks of algorithmic discrimination that may arise from the deployment of each high-risk artificial intelligence system . . . ; and
3. In detail, the nature, source, and extent of the information collected and used by the deployer.

Exemptions

These requirements do not apply to a deployer if, at the time the deployer deploys a high-risk artificial intelligence system and at all times while the high-risk artificial intelligence system is deployed,

1. The deployer:
   1. Employs fewer than 50 full-time equivalent employees; and
   2. Does not use the deployer’s own data to train the high-risk artificial intelligence system;
2. The high-risk artificial intelligence system:
   1. Is used for the intended uses that are disclosed to the deployer as required by [the developer]; and
   2. Continues learning based on data derived from sources other than the deployer’s own data; and
3. The deployer makes available to consumers an impact assessment that:
   1. The developer of the high-risk artificial intelligence system has completed and provided to the deployer; and
   2. Includes information that is substantially similar to the information in the impact assessment required [to be submitted by the deployer pursuant to the requirements of the bill].

The European Union’s Corporate Sustainability Due Diligence Directive (the “CSDDD” or “Directive”) was published on July 5, 2024. It must be transposed into national laws by July 26, 2026, and phased in over the coming several years. The national laws adopted pursuant to the Directive will ultimately apply to all companies that have annual group-wide net turnover (i.e., sales net of rebates, value-added tax, and similar taxes) in the EU of over €450 million (and, in the case of EU companies, also at least one thousand employees); to EU companies with annual franchising fees and/or royalties of at least €22.5 million and net turnover above €80 million; and to non-EU companies with those levels of franchising/royalty revenue in the EU.

Nearly all large U.S. multinational enterprises (“MNEs”) will be subject to these laws, because their European subsidiaries exceed the revenue thresholds, and/or because their global sales in and exports to the EU exceed €450 million. The largest MNEs will become subject to the laws beginning in 2027.

Because the due diligence review mandated by the Directive extends to in-scope MNEs’ supply chains, distribution channels, and other “business partners,” the human rights, environmental, and climate change requirements of the Directive will also indirectly impact many smaller companies (including U.S. companies that are not otherwise covered). Many of those companies will, however, be in a position to respond to the due diligence requests of in-scope companies because of their own obligations under the EU’s Corporate Sustainability Reporting Directive, which will apply to a much larger number of U.S. companies.

What does the Directive do?

The Directive will in effect convert the nonbinding obligations of the U.N. Guiding Principles on Business and Human Rights and the frameworks in the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct and OECD Due Diligence Guidance for Responsible Business Conduct into legal obligations binding on companies that fall within the CSDDD’s scope (“in-scope” companies or MNEs). Many large MNEs already seek to comply with these instruments. An even larger number purport to. These companies may already be well positioned to evaluate the potential significance of the Directive.

The Directive’s significance should not, however, be understated. It will cause the rights articulated in a variety of international agreements, all of which until now have been binding only on state parties (except to the extent enacted into domestic law by state parties), to become legally binding obligations enforceable against in-scope MNEs under the laws of all twenty-seven of the member states of the EU. Those agreements include three international human rights treaties—the International Covenant on Civil and Political Rights (“ICCPR”), the International Covenant on Economic, Social and Cultural Rights (“ICESCR”), and the Convention on the Rights of the Child—eight core/fundamental conventions of the International Labour Organization (“ILO”),^[1] the core climate change mitigation objective of the Paris Agreement, and eleven environmental conventions. The U.S. has signed but not ratified the ICESCR and the Convention on the Rights of the Child; it has only signed two of the eight ILO conventions, and it has signed but not ratified three of the environmental conventions.

These international agreements articulate a lengthy list of rights and obligations and, if national authorities and courts in the EU enforce the provisions of the Directive as written, the potential impact will be significant. In-scope companies will be required (among other things):

• to ensure that their global operations and those of their supply chain comply with international standards in relation to workers’ rights, equal pay, union activities, etc., even when those standards go beyond the requirements of domestic law in the country of employment;
• to adopt and implement a transition plan to reduce their global greenhouse gas emissions in line with the Paris Agreement’s objective of limiting the temperature increase to 1.5°C above preindustrial levels and with the EU’s “net zero” targets;
• to avoid causing any measurable environmental degradation that has any one of a range of negative effects, anywhere in their global operations;
• to avoid violating others’ right to freedom of expression or interfering with persons’ privacy and correspondence; and
• to ensure that any land or other natural resources to be used by the companies is not taken from, and does not result in evictions of, persons or communities who thereby lose their ability to subsist or their means of livelihood.

Although styled as a “due diligence” directive, the name is somewhat misleading. If violations of rights are identified through the due diligence process (or by the parallel efforts of trade unions, NGOs, or other interested parties), the in-scope MNE will be required to eliminate or, if that is not possible, mitigate them.

The CSDDD raises many critically important questions, to which at present there are no clear answers. Among other aspects of the Directive, U.S. MNEs will need to focus on their own compliance, and the compliance of their supply chain and other business partners, with at least seven sets of rights and obligations set forth in the Directive.

Conditions of work

Among the rights listed in the Directive is the “right to enjoy just and favourable conditions of work,” including:

• a fair wage and an adequate living wage for employed workers,
• a decent living,
• safe and healthy working conditions, and
• reasonable limitation of working hours,

interpreted in line with Article 7 and 11 of the ICESCR, which clarify that the right to an adequate living wage and a decent living is intended to provide the worker and the worker’s family “an adequate standard of living for himself and his family, including adequate food, clothing and housing.”

Although over 170 countries have minimum wage laws,^[2] and MNEs tend to pay above the going rate in most countries, enforcement of minimum wage laws differs significantly across countries. Categories of workers (e.g., agricultural, domestic, and younger) are often excluded from minimum wage laws,^[3] and there is often a significant gap between the minimum wage and a living wage, as that term is defined by the ILO.

In-scope companies will need to conduct due diligence into these matters, both in their own global operations and in their supply chains, to determine whether their subsidiaries and their key suppliers meet the higher standard. According to data collected by the World Economic Forum, at present only 24 percent of employers currently pay a living wage globally.^[4] The CSDDD will make this obligatory for in-scope companies.

Laws in many countries set maximum working hours, but enforcement varies, and there are significant exceptions.^[5] Similarly, many countries have laws regulating the health and safety of workplaces, but in some countries there is little enforcement.

It appears that workers in non-EU countries, or an NGO or trade union acting on their behalf, will be able to lodge complaints with EU enforcement authorities or to bring suit in EU courts for a non-EU company’s alleged failure to pay a living wage or limit working hours. While in-scope companies will be required to seek contractual assurances from direct business partners that they will ensure compliance with these requirements as well, and verify compliance with those undertakings, it is not clear what an in-scope MNE is supposed to do, and what its liability may be, if the counterparty refuses to do so or if the MNE knows that the counterparty is not complying. The Directive provides some guidance on these matters, but further clarity in the transposed laws would be useful.

Equal pay and nondiscrimination

The Directive requires the transposed laws to prohibit unequal treatment in terms of employment, unless this is justified by the requirements of the employment. Unequal treatment includes, in particular:

1. the payment of unequal remuneration for work of equal value; and
2. discrimination on grounds of national extraction or social origin, race, color, sex, religion, or political opinion.

This right is to be interpreted in line with Article 7 of the ICESCR, which requires “equal remuneration for work of equal value without distinction of any kind, in particular women being guaranteed conditions of work not inferior to those enjoyed by men, with equal pay for equal work.”

Equal pay for equal work, and nondiscrimination in employment, are established legal principles in the EU,^[6] U.S.,^[7] and U.K.^[8] and in several other countries, but legal protections for women and racial and ethnic minorities in many countries are nonexistent or weak.^[9] Will the Directive result in the EU courts becoming the venue of choice for forcing MNEs to end unequal pay in all their subsidiaries? Will there be a requirement that plaintiffs first seek remedies in their own country, if an effective remedy is available there? Again, the implementing legislation may provide clarity.

Rights to form unions and to strike

The Directive also requires in-scope companies to ensure their workers are entitled to freedom of association, assembly, the right to organize, and collective bargaining. This includes the following rights:

1. workers are free to form or join trade unions;
2. the formation, joining and membership of a trade union must not be used as a reason for unjustified discrimination or retaliation;
3. trade unions are free to operate in line with their constitutions and rules, without interference from the authorities; and
4. the right to strike and the right to collective bargaining.^[10]

Many countries in the world do not—at least in practice—allow workers the freedom to form unions (except, in some cases, those established by the government), to strike, and to engage in collective bargaining. According to the International Trade Union Confederation, 87 percent of countries have violated the right to strike, and 79 percent have violated the right to collective bargaining.^[11]

In countries where there is no right to form labor unions, right to strike, and/or right to collective bargaining, but also no prohibition, the Directive may require in-scope companies (and their suppliers) to afford their workers these rights, as a matter of EU law. But what will this mean in practice? Will workers in non-EU countries be able to bring their unionization and collective bargaining disputes to EU courts, demanding the rights articulated in the relevant international conventions, even if those go beyond what they are entitled to under their own country’s laws? And what will the Directive’s requirements mean as applied to countries where independent labor unions are not permitted to exist, or where strikes are banned? Guidance on these points will be needed.

Climate change transition plans

The Directive will require in-scope companies to adopt and put into effect a “transition plan” that aims to ensure, through best efforts, that the business model and strategy of the company are compatible with the Paris Agreement’s objective of limiting global warming to 1.5°C and the EU regulation establishing the objective of achieving “climate neutrality,” including its intermediate and 2050 targets. The transition plans will be required:

• to cover the entire group’s operations, and include its suppliers and other business partners;
• to contain time-bound targets related to climate change for 2030, then in five-year incremental steps up to 2050;
• to include absolute emission reduction targets for Scope 1, Scope 2, and Scope 3 greenhouse gas emissions,^[12] as well as the key actions planned to reach those targets,
• to explain and quantify the investments and funding supporting the transition plan; and
• to be updated every twelve months, together with a report on the progress made towards achieving the plan’s targets.

The Directive contemplates that the national supervisory authorities charged with implementing its provisions shall be required “to supervise the adoption and design of the plan.”

While many MNEs have adopted action plans relating to the reduction of greenhouse gases, in most cases these initiatives have been voluntary, have not been based on governmentally mandated targets, have not extended to their supply chain and distributors, and have not been subject to governmental oversight. The Directive proposes to change all that, for in-scope MNEs and, indirectly, their business partners.

As the Paris Agreement’s objective of limiting climate change to a 1.5°C increase is, at this point, ambitious (if not, according to some, impossible), to have the desired impact, transition plans will have to be similarly ambitious. It is not clear whether there will continue to be political support within the EU for the radical reductions in greenhouse gas emissions that companies will need to implement to meet the plans’ stated objectives. But if the EU is willing to exert maximum pressure on its own companies to convert rapidly to renewable energy sources and energy-efficient modes of production and transportation, the EU may be particularly insistent on forcing non-EU MNEs to take the same bold (and, in the short run, costly) steps.

The activities of NGOs are likely to be relevant in this context. Within the EU there have been several high-profile lawsuits designed to force companies^[13] to act more aggressively to reduce greenhouse gas emissions. NGOs sense an opportunity to use the Directive to force both EU and non-EU companies into faster and bolder action. They may also use the transposed laws to seek damages and/or remediation for the adverse impacts allegedly caused by the failure to implement efficacious transition plans in line with the Directive’s requirements.

Environmental degradation

The Directive will require in-scope companies to avoid causing any measurable environmental degradation, such as harmful soil change, water or air pollution, harmful emissions, excessive water consumption, degradation of land, or other impact on natural resources (such as deforestation) that has any one of a range of adverse environmental impacts. It will also require in-scope companies to avoid or minimize adverse impacts on biological diversity.

It is not clear what this will mean in practice. One possibility is that the Directive will create a set of environmental laws applicable to all large MNEs, to be enforced by European governmental authorities and courts. If that is the intent, the EU or national EU governments will—one hopes—provide more detailed guidance on what is (and is not) considered a violation of the CSDDD’s general rules.^[14]

Freedom of expression, privacy, and correspondence

The Directive prohibits arbitrary or unlawful interference with a person’s privacy, family, home, or correspondence, interpreted in line with Article 17 of the ICCPR. Article 19 of the ICCPR, also covered by the CSDDD, includes the right to hold opinions without interference, and the right to freedom of expression, regardless of frontiers, orally, in writing or in print, or through any other media. Protecting these rights may prove challenging for telecommunications and social media companies (among others) operating in repressive countries.

Governments often request personal information from social media and telecom companies, in the course of criminal investigations or for other legitimate reasons. Repressive regimes will, however, often demand access to customer information in order to track down individuals who have criticized the government, or who support the political opposition. Those governments may use that information to detain, interrogate, and/or incarcerate dissidents and political opponents. Companies are regularly compelled by repressive regimes to block websites and shut down services to suppress political criticism or prevent reporting of human rights abuses.

When faced with a governmental demand for access to an email account or telephone line, even when it knows or guesses that the reason may lead to a violation of human rights, a telcom may often have no choice but to comply, as to refuse will be a criminal offense and may result in its subsidiary’s employees being arrested and prosecuted. To accede to the government’s demand may, however, result in the company’s customer(s) being arrested and prosecuted (or jailed without charges), in violation of their human rights. This is not a new dilemma. But under the laws contemplated by the Directive, it may evolve from being an ethical dilemma to being a conflict between diametrically opposed legal requirements.^[15]

Evictions and takings

The Directive will also require in-scope companies to respect “the right of individuals, groupings and communities to lands and resources and the right not to be deprived of means of subsistence, which entails the prohibition to unlawfully evict or take land, forests and waters when acquiring, developing or otherwise using land, forests and waters, including by deforestation, the use of which secures the livelihood of a person.”

This requirement will impose on in-scope companies an obligation to ensure, when acquiring land or water rights, etc. (e.g., for the construction of a new factory or other asset), that the land is not occupied or in use as farm or grazing land by individuals who will be adversely affected by their dispossession of the land, unless adequate arrangements have been made to compensate them and protect their interests. The Directive’s interpretive guidance^[16] makes clear that particular attention must be paid to situations in which the people being dispossessed are individuals from disadvantaged minority groups, low-caste individuals, indigenous peoples, or others who may be particularly vulnerable.

It is not uncommon, in large-scale development projects, for there to be complaints regarding the displacement of indigenous, minority, low-caste, or otherwise marginalized peoples, whose claim to the land is often undocumented. Similarly, there are often complaints regarding a project’s likely adverse impact on drinking water, fish, or other resources, and the adverse impact that will have on local people.

NGOs often champion the rights of the affected people in local courts, but particularly in cases where there is significant government backing for the project, local courts may be unsympathetic, or grant only nominal compensation. The CSDDD seems to offer alternative, potentially more sympathetic, venues for NGOs to pursue these claims.

Next steps

Particularly if not implemented with clarity, practicality, and nuance, the laws promulgated pursuant to the CSDDD will present significant challenges for in-scope MNEs, including even those that already strive to comply with the U.N. Guiding Principles and the OECD Guidelines for Multinational Enterprises. It is important that the EU, and the twenty-seven national governments that will be transposing the Directive into national law and then enforcing it, implement the Directive in a manner that is realistic and responsive to the practical realities faced by MNEs in complex business environments.

U.S. companies should assess the potential impact of the Directive on their global operations, follow closely further developments as the CSDDD is transposed into national laws, and use the time before these laws become applicable to prepare to meet the compliance challenges they present.

1. Freedom of Association and Protection of the Right to Organise Convention, 1948 (No. 87); Right to Organise and Collective Bargaining Convention, 1949 (No. 98); Forced Labour Convention, 1930 (No. 29) and its 2014 Protocol; Abolition of Forced Labour Convention, 1957 (No. 105); Minimum Age Convention, 1973 (No. 138); Worst Forms of Child Labour Convention, 1999 (No. 182); Equal Remuneration Convention, 1951 (No. 100); and Discrimination (Employment and Occupation) Convention, 1958 (No. 111). ↑

2. “Living Wage,” U.N. Global Compact, accessed July 11, 2024. ↑

3. See ITUC Global Survey on Minimum Living Wages: Key Findings, International Trade Union Confederation (“ITUC”) (Jan. 2024), at 5. ↑

4. See Victoria Masterson, “Explainer: What is a living wage and how is it different from the minimum wage?,” World Economic Forum (Apr. 9, 2024). ↑

5. See Sangheon Lee, Deirdre McCann, and Jon C. Messenger, Working Time Around the World: Trends in working hours, laws and policies in a global comparative perspective (London: Routledge, 2007). ↑

6. See Art. 157 of the Treaty on the Functioning of the European Union, and Directive 2006/54/EC on the implementation of the principle of equal opportunities and equal treatment of men and women in matters of employment and occupation (July 5, 2006). ↑

7. Equal Pay Act of 1963 (Pub. L. 88-38), as amended, and Title VII of the Civil Rights Act of 1964 (Pub. L. 88-352). ↑

8. Equality Act 2010. ↑

9. See Women, Business and the Law 2024, World Bank Group (Mar. 4, 2024); “ITUC Policy Brief: Trade union action to promote equal pay for work of equal value,” ITUC (Sept. 14, 2023). ↑

10. These rights are to be interpreted in line with Articles 21 and 22 of the ICCPR, Article 8 of the ICESCR, the ILO Freedom of Association and Protection of the Right to Organise Convention, 1948 (No. 87), and the ILO Right to Organise and Collective Bargaining Convention, 1949 (No. 98). ↑

11. Global Rights Index 2024, ITUC (2024), at 8. ↑

12. Scope 1 greenhouse gas emissions are those that are produced from sources that are owned or controlled by the corporate group. Scope 2 emissions are those that result from the production of electricity, and heating and cooling purchased by the corporate group. Scope 3 emissions are those emitted by the company’s value chain, including those produced by suppliers, distributors, and product usage, to the extent not included in Scope 2. ↑

13. See, e.g., Milieudefensie v. Royal Dutch Shell plc, Case No. C/09/571932 (May 26, 2021). Shell has appealed the decision. ↑

14. The CSDDD will also require covered companies to comply with the terms of about ten international environmental treaties. Because most of these conventions make clear what is prohibited or required, companies with operations that may be covered by their provisions will have greater clarity on what is required. ↑

15. The word “unlawful” will not resolve the legal conflict. The U.N. Human Rights Committee has clarified that the word “unlawful” means that no interference can take place except in cases envisaged by the law, and that the law must comply with the provisions, aims, and objectives of the Covenant. ICCPR General Comment No. 16 (1988). ↑

16. These rights are to be interpreted in line with Article 1 and 27 of the ICCPR and Article 1, 2, and 11 of the ICESCR. Article 27 of the ICCPR provides that where ethnic, religious, or linguistic minorities exist, persons belonging to such minorities shall not be denied the right, in community with the other members of their group, to enjoy their own culture, to profess and practice their own religion, or to use their own language. Article 2 of the ICESCR includes a requirement that rights be exercisable without discrimination of any kind as to race, color, sex, language, religion, political or other opinion, national or social origin, property, birth, or other status. ↑